[AJAX] vBShout v2.0
Version: 2.0, by Zero Tolerance
Developer Last Online: Nov 2023

Version: 3.5.0 RC2
Released: 07-27-2005 Last Update: 04-22-2006 Installs: 1831
Uses Plugins Template Edits
Additional Files  
No support by the author.

Staff Edit/Update

I have released an updated version of this hack (version 2.0.1); this version fixes some security issues with this hack. All versions prior to this one allow users to insert HTML in their shouts; this can cause problems with them using HTML that breaks the site layout or malicious JavaScript. Download the new zip file (vBshout_fixed.zip) and upload the new vbshout.php file to patch/upgrade. If you want manual instructions, they are in the zip file, in the file bugfixes.txt.

Second Staff update

I've uploaded a new version of this hack, dubbed '2.0.2'. This one should fix the html injection issues without breaking special characters. To upgrade, download the new zip file and upload the new vbshout.php file.

Please note that this only fixes the html injection issues. I do not use this hack on my own forum (although I've tested this on a client's board) so I will not be fixing the server load issues. I suggest you do not install this hack if you can't deal with the extra server load, as it's rather intensive.

- Brad

End staff edit

Well, been a while since I've been to vb.org and released anything, thought I'd break the trend and whip up something quick while I have a little spare time.

A shoutbox as you would assume, a very simple one to start off with, but does include AJAX Technology, which pushes the shoutbox 1 step closer to live: messages from other people will appear with no refreshing, and so will yours that you post.

A preview is below, I'd estimate a 50 second installation max.

Primary Features:
- AJAX Technology (no refreshing)
- Administration control and display element options
- Fast format editor

Change Log:

- v1.1:
  WOL (Who's Online) Correction

- v1.2:
  New Posting Features (Bold/Italic/Underline/Colour/Font)
  Admin Controls
    - Change location/position of shoutbox
    - Change number of shouts displayed
    - Switch vbcode/smilies on/off

- v1.3:
  Firefox javascript issue fixed
  New Admin Controls
    - Command Activation
    - Switch extra format options on/off
    - Change position of editor (above/below messages)
  New Commands
    - /prune (Clears the shoutbox completely)
    - /prune [username] (Clears all shouts posted by specified user)

- v1.4:
  Usergroup HTML Markup For Usernames
  Clear Editor Button
  Emoticons Pop Up Menu
  Time display configured to vBulletin settings
  Username Links To Profile
  New Admin Controls
    - New vBShout Position (Directly Above Forums)
    - Banned Users
    - Banned Usergroups
    - Banned Permissions
    - Smilie Pop-Up Box Height
    - Smilie Pop-Up Box Width
  New Commands
    - "/me" - Action message (all users are able to use this command)
    - /pruneshout [shout] - Deletes a single shout

- v1.5:
  Improved Smilies Display
  XHTML 1.0 Transitional Valid (couple of errors fixed)
  New Admin Options
    - Shoutbox Height
    - Smilies To Show
    - Shout Messages Order
    - Banned Permissions (fixed)

- v1.6:
  Bug Fixes:
    - Unable to delete shouts that used /me command fixed
    - Shouts being displayed from bottom-upwards only showed first 20 shouts
  Automatically parses URLs

- v2.0:
  New Archive
    - Displays shouts and pages
    - Stats and top 10 shouters
    - AJAX Edit/Delete (staff can edit/delete all shouts)

Enjoy,

- Zero Tolerance

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
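
The staff edit above describes shouts being rendered with their HTML intact. As an added example (not vBShout's own code and not part of the original post), the PHP below escapes a stored shout once at output and flags stored shouts that contain tags. It assumes PHP 7 or later and shouts stored as raw UTF-8 text; the function names and sample shouts are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not vBShout code. Function names and sample shouts are hypothetical.

// Escape a raw stored shout exactly once, at the point it is written into HTML.
function shout_to_html(string $raw): string
{
    // ENT_QUOTES covers both quote styles, so the result is also safe inside
    // attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Audit helper: does a stored shout contain something a browser would parse
// as a tag, comment or declaration? "<3" and "a < b" are not flagged.
function shout_has_markup(string $raw): bool
{
    return preg_match('~</?[a-z]|<!~i', $raw) === 1;
}

// Constructed sample rows standing in for stored shouts.
$shouts = [
    'hello & welcome <3',
    'café says "hi"',
    '<script>alert(1)</script>',
    '<img src="http://example.invalid/a.png">',
];

// Print an audit flag next to the escaped form of each shout.
foreach ($shouts as $raw) {
    $flag = shout_has_markup($raw) ? 'REVIEW' : 'ok';
    printf("%-7s %s\n", $flag, shout_to_html($raw));
}

// Escaping on input and again on output is one way special characters get
// mangled: the second pass re-encodes the "&" produced by the first.
echo shout_to_html(shout_to_html('Q&A')), "\n";
```

Running the audit helper over shouts already in the database shows which rows to prune after upgrading, since escaping at output only protects what is rendered from then on.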

Comments
  #2192  
09-06-2006, 03:19 PM
da420
Join Date: Nov 2005
Posts: 1,232

Quote:
Originally Posted by bitg
Is this compatible with 3.60 yet?
It works on most 3.6 boards.

  #2193  
09-06-2006, 03:46 PM
Neo_obs
Join Date: Mar 2006
Location: Disneyland, CA
Posts: 363

Quote:
Originally Posted by o0Hubba0o
Because the same person just did my site, went into ftp and changed the name of the shoutbox.php file. Had to ctrl/alt/del to close browser (because clicking cancel on the pop up wouldn't close it) and then restart it and the site worked fine.
sounds like frontpage or flash chat security holes.

Shoutbox can't do that, it only allowed homepage redirects or whatever page shoutbox is on.

  #2194  
09-06-2006, 06:37 PM
o0Hubba0o
Join Date: Mar 2005
Location: Minnesota
Posts: 263

Quote:
Originally Posted by Neo_obs
sounds like frontpage or flash chat security holes.

Shoutbox can't do that, it only allowed homepage redirects or whatever page shoutbox is on.
Well, unless it's possible to have those security holes without installing those. Like I said, I renamed the shoutbox's php file and it was fine. I went through and banned him and his ip, renamed the php file and went back to the site the pop up came up one more time, I was able to close it this time. Pruned the shoutbox and no more problems.

  #2195  
09-06-2006, 09:00 PM
Shazz
Join Date: Jun 2006
Location: Utah
Posts: 4,758

Prune the shoutbox and you have no more problems???

  #2196  
09-07-2006, 02:13 AM
o0Hubba0o
Join Date: Mar 2005
Location: Minnesota
Posts: 263

Quote:
Originally Posted by Shazz
Prune the shoutbox and you have no more problems???
* o0Hubba0o sighs

renamed the file, banned him, pruned the shoutbox all that stuff, not just pruned the shoutbox. The shoutbox is the only thing I worked with to get rid of the problem, I don't have flash chat or front page or whatever the other member said. I re-downloaded the files yesterday to double check and the php file has the same version as the one I have installed.

  #2197  
09-07-2006, 02:56 AM
Shazz
Join Date: Jun 2006
Location: Utah
Posts: 4,758

Quote:
Originally Posted by o0Hubba0o
* o0Hubba0o sighs

renamed the file, banned him, pruned the shoutbox all that stuff, not just pruned the shoutbox. The shoutbox is the only thing I worked with to get rid of the problem, I don't have flash chat or front page or whatever the other member said. I re-downloaded the files yesterday to double check and the php file has the same version as the one I have installed.
ohhhh I see, thank you for making more sense

  #2198  
09-07-2006, 10:33 PM
syrus.xl
Join Date: Jun 2005
Location: In a cyber world...
Posts: 999

My site was hacked through vbShout this evening. A new member joined and posted code numerous times, which caused a directory popup box to appear, asking for username and password.

I managed to squeeze in a /prune to override it, and ban the user. I've now closed my site off to new registrations.

Another mod I need to uninstall...shame I liked this as well.

  #2199  
09-07-2006, 10:45 PM
Shazz
Join Date: Jun 2006
Location: Utah
Posts: 4,758

Quote:
Originally Posted by syrus.xl
My site was hacked through vbShout this evening. A new member joined and posted code numerous times, which caused a directory popup box to appear, asking for username and password.

I managed to squeeze in a /prune to override it, and ban the user. I've now closed my site off to new registrations.

Another mod I need to uninstall...shame I liked this as well.
What kinds of things did he post?
How do you stop it or watch, instead of just disabling..

  #2200  
09-07-2006, 10:55 PM
syrus.xl
Join Date: Jun 2005
Location: In a cyber world...
Posts: 999

The code I would have thought was some type of re-write code, because it looked like I had placed a passworded directory on my entire site. There was an image, with a red x but nothing showed up, but no text was showing - just the username. I won't post the whole contents on here, because it's a public board, but I did a search on Google and it showed up in a number of places.

This is the second attempt within a few days, but the other person tried posting re-direct HTML in a thread, luckily it failed.

I used to have FlashChat installed, but that now just leaves your site open to attack. Going to see if I can tighten my coding to prevent this happening again.

  #2201  
09-08-2006, 04:26 AM
GoTTi
Join Date: Jun 2002
Posts: 1,346

so the shoutbox is now being used as an exploit tool...that's great.

/me uninstalls